General
-
Target
a5822aa468d2b680034f0d9d9e25a67881ec60f95c8acde363aa11b631b0c38c
-
Size
499KB
-
Sample
220521-aak2sacgbp
-
MD5
ec99f404abaffc5ad38d79a416dd46a4
-
SHA1
69f5c94b89f3832b510d97f0e39918443e12e087
-
SHA256
a5822aa468d2b680034f0d9d9e25a67881ec60f95c8acde363aa11b631b0c38c
-
SHA512
884056a3f4b23ba80606e717952a91759656f3a2f5a7ad3e4f6afe89befe96520278c6face75ded5a4520fd4928ac16c6e88db79252907f65b08dd1789ff4d6d
Static task
static1
Behavioral task
behavioral1
Sample
items details.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
items details.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chikaaka1
Targets
-
-
Target
items details.exe
-
Size
611KB
-
MD5
559f91a6a1e4d850162e1f8990634f97
-
SHA1
d4afc1ae604b732bd2e3bc561565cf85d164eb4c
-
SHA256
1e84d47cbe4d2c6dad2eb7bd8702e8eed6d838311625039a0d8434953f347bb5
-
SHA512
9ffdc41553ad776b99939f118805ba32ab92cc262e11c5dedd2ac41e7e05845d3769f664d598cedadb550c2c382695604662b86e3fa276f039c2dd922f229cad
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-